Subject: port-powerpc/22485: SIGSEGV reports as SIGILL ( (bash), uid 100: exited on signal 4 (core dumped))
To: None <gnats-bugs@gnats.netbsd.org>
From: None <mlr@rse.com>
List: netbsd-bugs
Date: 08/14/2003 15:39:35
>Number:         22485
>Category:       port-powerpc
>Synopsis:       SIGSEGV reports as SIGILL ( (bash), uid 100: exited on signal 4 (core dumped))
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-powerpc-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 14 19:44:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     M L Riechers
>Release:        NetBSD 1.6P
>Organization:
M L Riechers Systems Engineering
	
>Environment:
	
	
System: NetBSD t982.rse.com 1.6P NetBSD 1.6P (EASTERN-1.6P.backside) #0: Fri Mar 21 18:07:11 EST 2003 mlr@t982.rse.com:/mnt2/usr/local/src/usr/src/sys/arch/macppc/compile/EASTERN-1.6P.backside macppc
Architecture: powerpc
Machine: macppc
>Description:
bash has a difficulty handling say, keyboard function key 3 (which will be the
subject of another PR), the end result being that the stack over-grows its limits
(downward) because of a function errantly and recursively calling itself.  The
program finally fails because of a store or load to invalid memory area.

trap.c properly recognises this as an invalid load or store, and issues
                        trapsignal(l, SIGSEGV, EXC_DSI);
and, as far as I can tell, does not issue a SIGILL, which seems to come from
some other place.

This is the trap error message from mbx, but macppc behavior is identical:

TRAP.C Data TLB Error Exception: Some user dude SIGSEGV's at 0x7fdfeff0,
                              instruction address is 0x185c17c, dsisr is 0xc2000000, frame is 0x0xe6ac2f48,
                              the M_TWB is 0x3ea0e68, the M_TW is 0xe6ac2b60, R1 is 0xe6ac2cb0
  0x185c16c  0x7fdff030  0x18a0ef4  0x100  0x18b4008  0x0  0x18a42b8  0x0
  0x18a0000  0x186ec2c  0x186ec2c  0x18a0000  0x44000022  0x18a8d80  0x0  0x0
  0x0  0x18a0000  0x1  0x18a0000  0x18a0000  0x18a0000  0x18a0000  0x18a0000
  0x0  0x189e6c8  0xfffffffe  0x18a0000  0x4f  0x278  0x189e450  0x44000024
  0x185c16c  0x84000024  0x20000000  0x41921d2c  0x185c17c  0xd032  0x7fdfeff0  0xc2000000
  0x1400  0x0  0x0

Aug 12 16:15:05 west /netbsd: pid 10860 (bash), uid 100: exited on signal 4 (core dumped)

The 0x1400 exception, the value in R1 (0x7fdff030) matching dsisr
0x7fdfeff0 (with update), the debug message location in trap.c, and
the user's IA clearly show that it's a data fault.

>How-To-Repeat:

Telnet to or start an X window on macppc (but probably any powerpc)
port.  Run bash.  Press some key combo that goes to bash (rather than
being caught by say the window manager) along the lines of F3, or
the sequence

	 ^[ [ 1 3 ~

bash should coredump with a signal 4.

Inspect the dump.  It will say SIGILL, but you should find some
evidence of the stack overgrowth.

>Fix:
	
I'm at a loss.  Inspection of trap.c says "this shouldn't be."
>Release-Note:
>Audit-Trail:
>Unformatted: